Problems following links over an APP

2006-10-25 20:12  i752    [permalink]

Since Microsoft Security Bulletin MS04-038, following a link on a page served over a custom [[Asynchronous Pluggable Protocol Handler]] might no longer work. I suspect some work has been done on HTML-security to prevent phishing attacks.

The easyest way to solve the issue is to no longer implement the [[IInternetProtocolInfo]] interface. When investigating the other protocol handlers provided by a default Windows system, almost none of the handlers implement the interface on the object that implement [[IInternetProtocol]], implement also [[InternetProtocolInfo]]. (I also noticed QueryInterface might not work and you really need to CoCreateInstance with the CLSID and IID directly.)

The "ms-help" handler does, but gives E_NOT_IMPL on all QueryInfo calls, I haven't checked the other methods yet, so I can't tell why the "ms-help" uses the [[IInternetProtocolInfo]] interface.

→